On Thu, Oct 23, 2014 at 3:04 PM, John Griffith <john.griffi...@gmail.com>

The debate about whether to wipe LV's pretty much massively depends on the
>> intelligence of the underlying store. If the lower level storage never
>> returns accidental information ... explicit zeroes are not needed.

> On Thu, Oct 23, 2014 at 3:44 PM, Preston L. Bannister <
> pres...@bannister.us> wrote:

>> Yes, that is pretty much the key.
>> Does LVM let you read physical blocks that have never been written? Or
>> zero out virgin segments on read? If not, then "dd" of zeroes is a way of
>> doing the right thing (if *very* expensive).
> Yeah... so that's the crux of the issue on LVM (Thick).  It's quite
> possible for a new LV to be allocated from the VG and a block from a
> previous LV can be allocated.  So in essence if somebody were to sit there
> in a cloud env and just create volumes and read the blocks over and over
> and over they could gather some previous or other tenants data (or pieces
> of it at any rate).  It's def the "right" thing to do if you're in an env
> where you need some level of security between tenants.  There are other
> ways to solve it of course but this is what we've got.

Has anyone raised this issue with the LVM folk? Returning zeros on
unwritten blocks would require a bit of extra bookkeeping, but a lot more
efficient overall.
OpenStack-dev mailing list

Reply via email to